[Imc-tech] zip file death
Clint Popetz
clint at cpopetz.com
Fri Apr 16 11:47:41 CDT 2004
On Fri, Apr 16, 2004 at 10:48:50AM -0500, Zachary C. Miller wrote:
> Today we were once again massively flooded with downloads of zip files
> that have been newly uploaded to our ucimc server. I put a directive
> into apache to block all requests for all files ending in .zip. There
> are currently no non-encrypted legitimate .zip files on the ucimc.org
> site so this doesn't really hurt anything.
>
> People can still upload .zip's they just can't download them.
>
> It'd be great if someone who knew dada and has admin access could go
> in and disable the ability to upload .zip's.
Ok, I applied the following patch. Note that it won't catch zips that
are really zips but are re-named something else...the mime-type for
zips in most browsers is too generic (application/octet-stream).
-Clint
*** imc_classes/imc_Article.inc Fri Apr 16 11:44:58 2004
--- imc_classes/imc_Article.inc Fri Apr 16 11:42:46 2004
*************** class Article extends Object {
*** 980,983 ****
--- 980,992 ----
// add media types of uploaded files
if (isset($_FILES['userfile']) && isset($_FILES['userfile']['type'])) {
+
+ foreach($_FILES['userfile']['name'] as $name) {
+ if (preg_match('/.zip$/i',$name)) {
+ echo ('<p class="nogood">'._('Sorry, uploads of zip files are disabled.').'</p>');
+ $this->edit();
+ return false;
+ }
+ }
+
foreach($_FILES['userfile']['type'] as $value) {
// MIME-types can have optional parameters after the type/subtype,
More information about the Imc-tech
mailing list